Hi All, Le ven. 14 mai 2021 à 05:00, Petr Štetiar <yn...@true.cz> a écrit : > > Fernando Frediani <fhfredi...@gmail.com> [2021-05-11 20:13:18]: > > Hi, > > > I am no sure https support should still be something by default in the > > images as it's not something really essential > > to me it's like discussion about telnet versus SSH. (Puting aside, that one > shouldn't be using password at all) If it's fine with you to send your root > password over telnet, then SSH is not essential, I agree. > > FYI HTTPS wouldn't be enabled by default, it would be *available* by default, > giving users of default release images choice for management of their devices > over HTTPS, by doing so *explicitly*.
I'm all for HTTPS to be shipped by default One painfull "bug" that some people might face having both HTTP and HTTPS, when you login using HTTPS, the sysauth cookie has secure=true, so you can't login via HTTP anymore because it's trying to modify the secure=true sysauth cookie :( Etienne > OpenWrt has quite huge community, so I hope, that having HTTPS available in > default images would bring the currently horrible UX of self-signed > certificates to wider audience which in turn might foster improvements. > > -- ynezz _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
